[bind10-dev] Resolver response to NOTIFY query
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Wed Apr 13 22:06:11 UTC 2011
At Wed, 13 Apr 2011 20:10:29 +0100,
Stephen Morris <stephen at isc.org> wrote:
> With the current version of BIND 10, when I send a query with opcode 4
> (NOTIFY) to the resolver, I get a response of "not authoritative for
> zone" (rcode = 9).
>
> RFC 1996 which introduces Notify only seems to cover the case of
> master-slave communication. But it says:
>
> If a NOTIFY request is received by a slave who does not
> implement the NOTIFY opcode, it will respond with a NOTIMP
> (unimplemented feature error) message.
>
> In our case, the resolver has no ability to respond to a notify, which
> is why a "not implemented" (rcode = 4) response seems logical. But as
> the server is not configured to accept notifies from the sending system,
> perhaps some other response is appropriate, e.g. BIND 9.7.1 returns
> format error (rcode = 1).
>
> Thoughts?
Unless we expect the recipient of the error to take a specific action
based on a particular rcode I don't care much about which code. But
according to RFC1035 "not implemented" looks okay to me.
FWIW, btw, from my quick experiments this is what other
implementations do:
- unbound returns NOTIMP
- google public DNS returns SERVFAIL
- OpenDNS returns NOTIMP but changed the opcode to QUERY (!)
- powerdns recursor (3.1.7, which is a bit old) seems to regard it as
a normal query and handle it accordingly (!!)
The variation seems to indicate it doesn't matter in practice:-)
---
JINMEI, Tatuya
More information about the bind10-dev
mailing list